Rundll32 windows 7 problems.


  • This topic is locked
17 replies to this topic

#1 Zestypanda
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 09 May 2012 - 05:55 PM

Refer to Here for the full story and symptoms. boop told me to go here; I am starting the scans and prep that he told me to do. I just thought I should make the topic; I will be posting the logs soon.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 




#2 Zestypanda
  • Topic Starter
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 09 May 2012 - 05:58 PM

DDS would not download from this site's download link, so I am skipping on to step 8, GMER.



#3 Zestypanda
  • Topic Starter
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 09 May 2012 - 11:17 PM

Gmer GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-09 21:11:30
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e9e9235
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e9e9235 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3C93FA0-94CA-F319-49A3-F9AA6E31305E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3C93FA0-94CA-F319-49A3-F9AA6E31305E}@iaiblbekkhecjkckkc 0x69 0x61 0x6B 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3C93FA0-94CA-F319-49A3-F9AA6E31305E}@hacefgagedhfiejc 0x69 0x61 0x6B 0x63 ...

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\06057338-63AF-43B9-BA8E-6673D7B4832F.data 301084 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\06057338-63AF-43B9-BA8E-6673D7B4832F.data.info 162 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\104D0660-F04B-472F-B0DC-ACB96C08CBC8.data 149493 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\104D0660-F04B-472F-B0DC-ACB96C08CBC8.data.info 262 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\17C9C159-323C-4769-9AF1-0076E3EC0BB2.data 7969 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\17C9C159-323C-4769-9AF1-0076E3EC0BB2.data.info 214 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\188E2F68-D749-4262-AAF6-9926C5AA8F30.data 21832228 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\188E2F68-D749-4262-AAF6-9926C5AA8F30.data.info 228 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\57F7F9F2-EC76-4E9E-8E36-4DB7759395E9.data 315753 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\57F7F9F2-EC76-4E9E-8E36-4DB7759395E9.data.info 178 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\60C0D293-0A0E-472B-86B7-A18F110D5D1F.data 37994463 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\60C0D293-0A0E-472B-86B7-A18F110D5D1F.data.info 242 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6400F5F1-2352-4C71-AA8C-C701323B313C.data 17309895 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\CF92567A-DAD0-4350-9AC4-FF5267A6FE47.data 2397488 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\CF92567A-DAD0-4350-9AC4-FF5267A6FE47.data.info 148 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D984CA91-F234-410F-A7E5-969879483563.data 3717080 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D984CA91-F234-410F-A7E5-969879483563.data.info 164 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F2BAD10F-DFD3-4AA4-9832-CDA39934755F.data 1521433 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F2BAD10F-DFD3-4AA4-9832-CDA39934755F.data.info 168 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F6C102DD-112D-47F2-A017-4BD3CAF87D6A.data 11077061 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F6C102DD-112D-47F2-A017-4BD3CAF87D6A.data.info 200 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6C975AC3-B693-46E4-9FB6-D8D0986B7C67.data 17285864 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6C975AC3-B693-46E4-9FB6-D8D0986B7C67.data.info 210 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7546B78D-256E-470D-A722-8EDDEE7B6004.data 23791370 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7546B78D-256E-470D-A722-8EDDEE7B6004.data.info 210 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A29C9F3F-6528-4076-98AC-5AF689D5E7CF.data 197007 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A29C9F3F-6528-4076-98AC-5AF689D5E7CF.data.info 212 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A3BBFC47-C2E9-46BB-A28A-4C1EBA64FAB9.data.info 186 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\AD8B9F8F-D04C-45FB-A000-D880A8266D5D.data 74865 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\AD8B9F8F-D04C-45FB-A000-D880A8266D5D.data.info 178 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\AEF68C9F-E54A-40EE-8EE1-54EAD3349157.data 5752 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\AEF68C9F-E54A-40EE-8EE1-54EAD3349157.data.info 214 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B1B4192D-1DBB-4CFD-96BC-CB67CA68D26C.data 6435827 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B1B4192D-1DBB-4CFD-96BC-CB67CA68D26C.data.info 164 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B524ACBA-E58E-4514-B60E-F2666208BDC6.data 8506724 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B524ACBA-E58E-4514-B60E-F2666208BDC6.data.info 250 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C2018BBD-FD71-4FCF-8737-1F00AE824AD4.data 86175 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C2018BBD-FD71-4FCF-8737-1F00AE824AD4.data.info 122 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\CEA05D07-0644-4F49-A518-C9D50FEB7F9F.data 2397488 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6400F5F1-2352-4C71-AA8C-C701323B313C.data.info 198 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A3BBFC47-C2E9-46BB-A28A-4C1EBA64FAB9.data 1423820 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\CEA05D07-0644-4F49-A518-C9D50FEB7F9F.data.info 178 bytes

---- EOF - GMER 1.0.15 ----



#4 Zestypanda
  • Topic Starter
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 10 May 2012 - 11:52 AM

Okay, I ran KillSwitch to see what was up with rundll32, and it is saying that it is a child process of Chrome, implying that Chrome started it.



#5 Zestypanda
  • Topic Starter
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 10 May 2012 - 10:01 PM

Adding to the symptoms that plague my computer, which I described in the previous post, I have found that it isn't just foreign fonts and characters that are not showing up. I was ripping a Led Zeppelin album I had where the artist name was in MS Goth bold, and that was showing up as the unprintable square symbols.

Edited by Zestypanda, 10 May 2012 - 10:02 PM.



#6 nasdaq
  • Malware Response Team
  • 39,202 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 May 2012 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

p.s. If the download fails, right click on the link and select Save the file.
===
Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#7 Zestypanda
  • Topic Starter
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 12 May 2012 - 06:44 PM

Yeah, I found out that Comodo was blocking the DDS file because it falsely marked it as malicious, just as it does with ComboFix.



#8 Zestypanda
  • Topic Starter
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 12 May 2012 - 06:46 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Ryan at 16:42:45 on 2012-05-12
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.4077.2711 [GMT -7:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://lenovo.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: WinToFlash Suggestor: {fc36b0bd-27f0-4cdd-8ab1-50651efc3efd} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Ryan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E20DDBA-9AEE-4C74-A29C-833E5845CDC6} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\376737 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\376737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\7457563747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\75962756C6563737 : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: WinToFlash Suggestor: {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\windows\SysWOW64\guard32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\system32\DRIVERS\cmderd.sys --> C:\windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\system32\DRIVERS\cmdguard.sys --> C:\windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\system32\DRIVERS\cmdhlp.sys --> C:\windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-9 654408]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\windows\system32\DRIVERS\stflt.sys --> C:\windows\system32\DRIVERS\stflt.sys [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
S3 DRIVER_B;DRIVER_B;\??\C:\windows\system32\Drivers\DRIVER_BIN64 --> C:\windows\system32\Drivers\DRIVER_BIN64 [?]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\system32\DRIVERS\jmccgp.sys --> C:\windows\system32\DRIVERS\jmccgp.sys [?]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\system32\Drivers\jmcam.sys --> C:\windows\system32\Drivers\jmcam.sys [?]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\system32\Drivers\jmcam_lo.sys --> C:\windows\system32\Drivers\jmcam_lo.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\windows\system32\Drivers\VBoxUSB.sys --> C:\windows\system32\Drivers\VBoxUSB.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-7-12 131912]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-5-5 8704]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\windows\system32\DRIVERS\RsFx0105.sys --> C:\windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-12 01:11:49 -------- d-----w- C:\Program Files (x86)\MSECache
2012-05-06 04:37:32 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-05-05 04:48:26 714 ----a-w- C:\windows\SysWow64\MyFile.bin
2012-05-05 04:46:11 -------- d-----w- C:\Program Files (x86)\pipa.jp
2012-05-04 21:23:25 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-04-30 23:13:51 224048 ----a-w- C:\windows\System32\drivers\VBoxDrv.sys
2012-04-30 23:13:47 130864 ----a-w- C:\windows\System32\drivers\VBoxUSBMon.sys
2012-04-24 01:15:01 -------- d-----w- C:\Program Files (x86)\WinToFlash Suggestor
2012-04-14 04:50:04 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 01:12:56 147248 ----a-w- C:\windows\System32\drivers\VBoxNetAdp.sys
2012-04-13 01:12:54 166192 ----a-w- C:\windows\System32\drivers\VBoxNetFlt.sys
2012-04-13 01:12:52 320816 ----a-w- C:\windows\System32\VBoxNetFltNobj.dll
.
==================== Find3M ====================
.
2012-05-04 20:34:34 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 20:34:34 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-03-15 01:22:56 117040 ----a-w- C:\windows\System32\drivers\VBoxUSB.sys
2012-03-11 21:13:41 43248 ----a-w- C:\windows\System32\drivers\cmdhlp.sys
2012-03-11 21:13:40 577824 ----a-w- C:\windows\System32\drivers\cmdGuard.sys
2012-03-11 21:13:38 22696 ----a-w- C:\windows\System32\drivers\cmderd.sys
2012-03-11 21:13:20 41200 ----a-w- C:\windows\System32\cmdcsr.dll
2012-03-11 21:13:18 301224 ----a-w- C:\windows\SysWow64\guard32.dll
2012-03-11 21:13:17 389840 ----a-w- C:\windows\System32\guard64.dll
2012-03-11 02:49:52 332288 ----a-w- C:\windows\System32\uxtheme.dll
2012-03-11 02:49:50 2851840 ----a-w- C:\windows\System32\themeui.dll
2012-03-11 02:49:48 44544 ----a-w- C:\windows\System32\themeservice.dll
2012-03-03 06:35:38 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-29 19:26:36 42392 ----a-w- C:\windows\SysWow64\xfcodec.dll
2012-02-29 19:26:36 28056 ----a-w- C:\windows\System32\xfcodec64.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-19 03:29:42 466456 ----a-w- C:\windows\System32\wrap_oal.dll
2012-02-19 03:29:42 444952 ----a-w- C:\windows\SysWow64\wrap_oal.dll
2012-02-19 03:29:42 122904 ----a-w- C:\windows\System32\OpenAL32.dll
2012-02-19 03:29:42 109080 ----a-w- C:\windows\SysWow64\OpenAL32.dll
2012-02-18 17:21:08 294232 ----a-w- C:\windows\System32\drivers\VMM.sys
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
.
============= FINISH: 16:44:56.78 ===============

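As an added example (not part of this thread, and not code from the DDS tool), the script below runs the first-pass checks a malware response helper applies to the "Pseudo HJT Report" section of a DDS log like the one in post #8: UAC policy values that differ from the Windows 7 defaults (in this log PromptOnSecureDesktop = 0, which draws elevation prompts on the normal desktop instead of the secure desktop), AppInit_DLLs entries (a DLL listed there is loaded into every process that uses user32.dll), BHO registrations whose file is missing, and per-interface static DNS servers that differ from the DHCP-supplied one. The sample input is excerpted from the log above; the regular expressions, the Finding type and the table of Windows 7 UAC defaults are this example's own assumptions about the DDS line format and a stock system. The findings are cues to verify, not verdicts: guard32.dll shares its Find3M timestamp with the COMODO drivers listed in the same log, so it is most likely that suite's component, and the static resolvers are consistent with a filtered-DNS service rather than a hijack; the analyst confirms both by checking the file's signer and who configured the interface.

```python
"""First-pass triage of the "Pseudo HJT Report" section of a DDS log.

Added example; not part of the forum thread or of the DDS tool. The regular
expressions, the Finding type and the UAC defaults table are this example's
own assumptions about the DDS line format and a stock Windows 7 system.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check: str   # "uac", "appinit", "bho" or "dns"
    detail: str  # what was seen and why it deserves a second look


# Windows 7 defaults for the UAC values DDS prints under "mPolicies-system".
# PromptOnSecureDesktop = 0 draws elevation prompts on the interactive desktop,
# where other programs can overlay or automate them; EnableLUA = 0 turns UAC off.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,
}

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?:\s*(\S.*)$")
BHO_RE = re.compile(r"^BHO(?:-X64)?:\s*(.+?)\s+-\s+(.+)$")
DHCP_DNS_RE = re.compile(r"DhcpNameServer\s*=\s*([\d.]+)")
STATIC_DNS_RE = re.compile(r"Interfaces\\(\{[0-9A-Fa-f-]+\})[^:]*:\s*NameServer\s*=\s*([\d.,]+)")

# Excerpt of the DDS log posted in this thread (#8), trimmed to the lines the checks use.
SAMPLE_DDS = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E20DDBA-9AEE-4C74-A29C-833E5845CDC6} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13} : DhcpNameServer = 192.168.1.1
AppInit_DLLs: C:\windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
AppInit_DLLs-X64: C:\windows\SysWOW64\guard32.dll
"""


def triage(dds_text: str) -> list[Finding]:
    """Return the entries a helper would ask about first, in log order.
    DNS findings come last because they need the whole section to compare against."""
    findings: list[Finding] = []
    dhcp_servers: set[str] = set()
    static_dns: dict[str, str] = {}   # interface GUID -> comma-separated servers
    appinit_seen: set[str] = set()

    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := POLICY_RE.match(line):
            name, value = m.group(1), int(m.group(2))
            default = UAC_DEFAULTS.get(name)
            if default is not None and value != default:
                findings.append(Finding("uac", f"{name} = {value} (Windows 7 default is {default})"))
        elif m := APPINIT_RE.match(line):
            path = m.group(1).strip()
            if path.lower() not in appinit_seen:   # the 32- and 64-bit views list the same DLL
                appinit_seen.add(path.lower())
                findings.append(Finding("appinit", f"{path} is loaded into every process that uses user32.dll; check its signer"))
        elif m := BHO_RE.match(line):
            name, target = m.group(1), m.group(2).strip()
            if target.lower() == "no file":
                findings.append(Finding("bho", f"BHO '{name}' is registered but its file is missing"))
        elif m := STATIC_DNS_RE.search(line):
            static_dns.setdefault(m.group(1), m.group(2))
        elif m := DHCP_DNS_RE.search(line):
            dhcp_servers.add(m.group(1))

    for guid, servers in static_dns.items():
        foreign = [s for s in servers.split(",") if s and s not in dhcp_servers]
        if foreign:
            supplied = ", ".join(sorted(dhcp_servers)) or "none"
            findings.append(Finding("dns", f"interface {guid} resolves via {', '.join(foreign)} while DHCP supplied {supplied}; confirm who configured it"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.check}] {f.detail}")
```

On the excerpt above the script reports one UAC deviation, one AppInit_DLLs entry, one orphaned BHO and two interfaces with static resolvers; everything else in the section is left alone, which is the point of a triage pass: shrink a long log to the handful of lines worth a question in the next reply.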


#9 Zestypanda
  • Topic Starter
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 12 May 2012 - 06:48 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 9 Flash Player out of date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````



#10 nasdaq
  • Malware Response Team
  • 39,202 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 May 2012 - 08:48 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.2.202.233 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the log and let me know what problem persists.

#11 Zestypanda
  • Topic Starter
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 13 May 2012 - 01:29 PM

Okay, first off I want to say that I almost always keep my Java, Shockwave, Flash, etc. up to date; it's just that since I switched over to Chrome there has been a lull in updating. Furthermore, I am getting ready to run ComboFix. I have downloaded and updated the Flash, Java, etc. that you wanted me to.



#12 Zestypanda
  • Topic Starter
  • Members
  • 603 posts
  • Gender:Male
  • Location:Sunny San Diego, California.

Posted 13 May 2012 - 02:06 PM

ComboFix log attached, also a screen cap of how / marks are not showing up correctly.

ComboFix 12-05-13.03 - Ryan 3/2012 Sun 11:44:15.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4077.2661 [GMT -7:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ryan\AppData\Roaming\0ad
c:\users\Ryan\AppData\Roaming\0ad\config\user.cfg
c:\users\Ryan\AppData\Roaming\mIRC\logs\status.log
c:\users\Ryan\videos\chromeinstall-7u4.exe
c:\users\Ryan\videos\install_flash_player_11_active_x_64bit.exe
c:\windows\SysWow64\tmp496E.tmp
c:\windows\SysWow64\tmp8354.tmp
c:\windows\SysWow64\tmp84AC.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-13 18:58 . 2012-05-13 18:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-13 18:58 . 2012-05-13 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 18:39 . 2012-05-13 18:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-13 18:35 . 2012-05-13 18:35 -------- d-----w- c:\program files (x86)\Oracle
2012-05-13 18:35 . 2012-04-05 01:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-12 01:11 . 2012-05-12 01:11 -------- d-----w- c:\program files (x86)\MSECache
2012-05-06 04:37 . 2012-05-06 04:38 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-05-05 04:48 . 2012-05-05 04:48 714 ----a-w- c:\windows\SysWow64\MyFile.bin
2012-05-05 04:46 . 2012-05-05 04:46 -------- d-----w- c:\program files (x86)\pipa.jp
2012-05-04 21:23 . 2012-05-04 21:23 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-04-30 23:13 . 2012-04-13 01:12 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-30 23:13 . 2012-04-13 01:12 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-24 01:15 . 2012-04-24 01:15 -------- d-----w- c:\program files (x86)\WinToFlash Suggestor
2012-04-14 04:50 . 2012-05-04 20:34 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 18:30 . 2012-04-01 17:33 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-13 18:30 . 2012-02-17 01:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 01:12 . 2012-04-13 01:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-13 01:12 . 2012-04-13 01:12 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-13 01:12 . 2012-04-13 01:12 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-04-12 23:27 . 2011-05-27 23:43 165232 ---ha-w- c:\users\Ryan\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-04-05 01:47 . 2011-04-19 00:07 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56 . 2011-08-04 05:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 01:22 . 2012-03-15 01:22 117040 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-03-11 21:13 . 2011-10-08 02:47 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-10-08 02:47 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-10-08 02:47 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-08 02:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-10-08 02:47 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-10-08 02:47 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-11 02:49 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-03-11 02:49 . 2011-04-10 00:51 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-03-11 02:49 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-03-01 06:46 . 2012-04-11 02:52 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 02:52 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 02:52 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 02:52 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 02:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 02:52 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 02:52 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-29 19:26 . 2012-02-29 19:26 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-02-29 19:26 . 2012-02-29 19:26 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-02-28 06:56 . 2012-04-11 02:56 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 02:56 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 02:56 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 02:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 02:56 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 02:56 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 02:56 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 02:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-19 03:29 . 2011-04-05 02:56 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-19 03:29 . 2011-04-05 02:56 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-19 03:29 . 2011-04-05 02:56 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-19 03:29 . 2011-04-05 02:56 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-18 17:21 . 2012-02-18 17:21 294232 ----a-w- c:\windows\system32\drivers\VMM.sys
2012-02-17 06:38 . 2012-03-13 21:52 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 21:52 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 21:52 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 21:52 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]
2012-02-09 20:12 230192 ----a-w- c:\program files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Ryan\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Ryan\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 257696]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-12-25 131912]
R3 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys [x]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys [x]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:30]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839007091-301062112-3871788137-1000Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 08:43]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839007091-301062112-3871788137-1000UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 08:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-09-15 7069088]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Ryan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: {{A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - c:\program files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E20DDBA-9AEE-4C74-A29C-833E5845CDC6}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\376737: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-WT077400 - c:\program files (x86)\FATE - The Traitor Soul\Uninstall.exe
AddRemove-WinSetupFromUSB - c:\winsetupfromusb\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1839007091-301062112-3871788137-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3C93FA0-94CA-F319-49A3-F9AA6E31305E}*]
"iaiblbekkhecjkckkc"=hex:69,61,6b,63,68,66,70,6a,62,69,63,6d,6e,65,6f,62,64,67,
00,00
"hacefgagedhfiejc"=hex:69,61,6b,63,68,66,70,6a,62,69,63,6d,6e,65,6f,62,64,67,
00,00
.
[HKEY_USERS\S-1-5-21-1839007091-301062112-3871788137-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:a9,56,51,15,70,e2,9e,3b,a7,38,e2,4a,89,9b,ee,2b,b5,66,9a,60,17,
7c,15,6f,19,96,ef,54,03,6f,65,14,c9,51,00,23,1d,8f,de,37,0c,94,f1,4e,7b,7e,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-13 12:03:54
ComboFix-quarantined-files.txt 2012-05-13 19:03
ComboFix2.txt 2011-09-07 22:09
.
Pre-Run: 154,236,059,648 bytes free
Post-Run: 153,674,649,600 bytes free
.
- - End Of File - - B29D9A61F00B81BCCEAA6A3DCD20F535

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:36 PM

Posted 14 May 2012 - 08:04 AM

Your log is clean.

Any remaining issues?

#14 Zestypanda

Zestypanda
  • Topic Starter

  • Members
  • 603 posts
  • OFFLINE
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:06:36 PM

Posted 14 May 2012 - 10:10 AM

Yes, rundll32 is still running without explanation and slowing things down. Also, whenever I start my computer up I get immediately dumped back at the login screen, when before it would go to my desktop; it's as if when I turn my computer on it immediately logs me off. And the characters are not showing up properly: I have it set to show non-Unicode characters as Japanese, but if I turn that off, Japanese, Korean, congi and Chinese letters and characters do not show up. This is very frustrating and I would like this problem to be resolved; I might just buy a fresh copy of Windows and reinstall if this is not taken care of in a timely manner.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:36 PM

Posted 14 May 2012 - 12:46 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    Rundll32.*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please let me know the extension of the Rundll32 file that is giving you this problem.
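As an added example (not SystemLook's code nor anything posted in this thread), the Python script below does on a directory tree what the ":filefind Rundll32.*" search above does, and also records each hit's extension, size and SHA-256 and flags copies outside the directories where a 64-bit Windows 7 install keeps a genuine rundll32.exe. The sample tree it builds in a temporary directory is constructed, and the expected-location list is an assumption for that Windows version.

```python
# Added example (not SystemLook's or the thread's code): audit every file whose
# stem is rundll32 under a root, recording extension, size, SHA-256 and whether
# it sits where 64-bit Windows 7 keeps a genuine rundll32.exe.
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Parent directories (relative to the drive root, lower-case, backslash form) that
# legitimately hold rundll32.exe on 64-bit Windows 7; WinSxS keeps versioned copies.
# This list is an assumption for that Windows version, not taken from the thread.
EXPECTED_PARENTS = {"windows\\system32", "windows\\syswow64"}
EXPECTED_PREFIXES = ("windows\\winsxs\\",)

@dataclass
class Hit:
    path: str       # absolute path of the file
    ext: str        # extension such as ".exe" (the helper above asks for this)
    size: int       # size in bytes
    sha256: str     # hex digest, for comparison against a known-good hash
    expected: bool  # True when the parent dir is a known rundll32 location

def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_rundll32(root: str) -> list[Hit]:
    """Walk `root` and return a Hit for every rundll32.* file, any case, any extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_parent = os.path.relpath(dirpath, root).lower().replace(os.sep, "\\")
        expected = rel_parent in EXPECTED_PARENTS or rel_parent.startswith(EXPECTED_PREFIXES)
        for name in files:
            stem, ext = os.path.splitext(name)
            if stem.lower() == "rundll32":
                full = os.path.join(dirpath, name)
                hits.append(Hit(full, ext.lower(), os.path.getsize(full), sha256_of(full), expected))
    return hits

def triage(root: str) -> tuple[list[Hit], list[Hit]]:
    """Split hits into (expected-location, unexpected-location) lists; the second is the review list."""
    hits = find_rundll32(root)
    return [h for h in hits if h.expected], [h for h in hits if not h.expected]

def build_sample_tree(base: str) -> None:
    """Constructed layout: two legitimate copies, one stray copy in a user temp dir, one unrelated file."""
    layout = {
        "Windows/System32/rundll32.exe": b"MZ constructed 64-bit copy",
        "Windows/SysWOW64/rundll32.exe": b"MZ constructed 32-bit copy",
        "Users/Example/AppData/Local/Temp/rundll32.exe": b"MZ constructed stray copy",
        "Windows/System32/notepad.exe": b"MZ unrelated file",
    }
    for rel, data in layout.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)

def run_demo() -> tuple[list[Hit], list[Hit]]:
    """Build the constructed tree in a temporary directory and audit it (results survive the cleanup)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return triage(tmp)

if __name__ == "__main__":
    ok, review = run_demo()
    for h in ok + review:
        print(f"{'expected' if h.expected else 'REVIEW':8} {h.ext:5} {h.size:4d} {h.sha256[:16]} {h.path}")
```

Run against a real drive root the same way (`triage("C:\\")`); anything in the review list is a copy of rundll32 that a known-good hash comparison should settle before going further.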



